Coalition's Active Cyber Insurance: AI Risk Monitoring and the Conversational Security Assessment
TL;DR
Coalition cyber insurance AI is built around a model the company calls "Active Insurance": rather than underwriting a business once off a static application, Coalition continuously scans each policyholder's internet-facing attack surface and pushes real-time alerts when exposure changes. Founded in 2017 by former CIA analyst Joshua Motta and John Hering, Coalition has grown to roughly 110,000 active policyholders and is approaching $1 billion in annual gross written premium — one of the largest cyber insurers in the United States. Its data advantage is real: Coalition has reported that its policyholders experience roughly 70% fewer claims than the broader cyber market because it warns them before attackers strike. But even this technically advanced carrier still opens the buying process with a security questionnaire that asks applicants to self-attest to controls in yes/no fields — the same brittle layer that, per Marsh, gets 41% of cyber applications denied on first submission. The next frontier in AI cyber insurance underwriting is a conversational security assessment: an AI-led interview that captures the operational "why" behind each control, the context that both static forms and automated scans miss.
Who Coalition Is
Coalition is a cyber insurance and cybersecurity company that bundles active risk monitoring technology with the policy itself, rather than selling coverage as a passive financial contract. The company was founded in March 2017 by Joshua Motta — a former CIA analyst who previously ran special projects at Cloudflare — and co-founder John Hering, and it began writing business for small and midsize companies that same year. Forbes profiled the pair in 2024 as "two former spies" who cracked the cyber insurance market, a framing that captures Coalition's core premise: cyber underwriting is an intelligence problem before it is an actuarial one.
The scale is now substantial. Coalition grew to about 110,000 active policyholders in 2025, up from 91,000 a year earlier, and it has said it is approaching a billion dollars of premium on an annual basis — it wrote roughly $630 million in 2023, up from about $530 million in 2022. The company has raised around $800 million across seven rounds from investors including Ribbit Capital, Valor Equity Partners, and Index Ventures, reaching a $5 billion valuation with its 2022 Series F. Those numbers matter because they show the "insurance-plus-security" thesis is not a niche experiment; it is a top-four cyber carrier.
"Active Insurance": Continuous Monitoring vs. Point-in-Time Applications
Active Insurance means the carrier keeps assessing risk for the entire life of the policy instead of pricing it once at bind. Coalition frames its approach as three connected phases: an Active Risk Assessment at quote, Active Protection during the policy term (continuous scanning plus personalized alerts), and Active Response when an incident occurs. Traditional cyber insurance, by contrast, is largely a point-in-time transaction — the insurer reads an application, sets a price, and then hears nothing about the risk until a claim lands on the desk.
The difference is structural, not cosmetic. A company's cyber exposure can change the day after it binds coverage — a new server goes live, a vendor gets breached, a zero-day drops. A once-a-year questionnaire cannot see any of that; a monitoring system can. This is the same shift toward continuous, data-driven underwriting that we cover in our guide to AI in commercial insurance for brokers, MGAs, and carriers, and it mirrors what other insurtechs are doing in adjacent lines — from behavior-based auto pricing to smart-home telematics.
How Coalition's AI Scans and Scores Cyber Risk
Coalition's AI works by mapping and continuously monitoring each policyholder's public attack surface, then scoring the risk and alerting the customer when something changes. Its risk-management platform, Coalition Control, performs deep scans of an organization's IP addresses, domains, assets, and open ports, flags newly discovered vulnerabilities (including specific zero-day threats identified by its threat-intelligence team), and produces an on-demand Coalition Risk Assessment with an objective security rating. The platform is credible enough that the U.S. Cybersecurity and Infrastructure Security Agency lists Coalition Control scanning among its free cyber-hygiene resources.
The output volume is what makes the model work economically. Coalition has reported collecting more than 48 trillion data points on digital exposure in a single year and sending over 90,000 personalized alerts to clients, and it flagged more than 43,000 critical vulnerabilities to policyholders in 2022. That early-warning loop is why Coalition can claim its policyholders see roughly 70% fewer claims than the broader market. It also shows up in claims outcomes: in its 2024 Cyber Claims Report, Coalition found that about 60% of claims originated from business email compromise and funds-transfer fraud, that average ransom demands fell 22% year over year to $1.1 million, and that its response teams clawed back $31 million for policyholders — an average recovery of $278,000 per matter. For a broader tour of where machine learning is reshaping the risk desk, see our roundup of AI underwriting software compared by use case across personal, commercial, and life lines.
The Limits of the Static Security Questionnaire
The static security questionnaire is the weakest link in an otherwise data-rich process, because it asks a human to compress a messy security reality into yes/no boxes. Coalition's scanning tells the underwriter what is observable from the outside — exposed ports, unpatched software, leaked credentials. It cannot tell the underwriter what is happening inside the business: whether multi-factor authentication is actually enforced for remote access or just switched on for email, whether the documented incident-response plan has ever been rehearsed, or whether the "yes, we have backups" answer means immutable, tested, offline backups or a folder someone copies files into occasionally.
That gap is now a claims problem, not a hypothetical. Underwriting has shifted from trusting self-attestation to demanding evidence — screenshots, audit logs, third-party assessments — precisely because carriers were denying claims when forensic review found that attested controls were not in place at the time of the incident. Marsh has reported that 41% of cyber applications were denied on first submission in 2025, and that claim denial at payout climbed to about 21%, up from 15% in 2023. A form is uniquely bad at closing this gap: it front-loads effort, flattens nuance into dropdowns, and gives the applicant no way to explain "it depends." We unpack the mechanics of why forms leak information in why quote and claim forms lose business for insurers.
The Conversational Security Assessment
A conversational security assessment is an AI-led interview that replaces the yes/no questionnaire with a structured dialogue, following up on vague or high-risk answers the way a human underwriter would. Instead of asking "Do you enforce MFA? (Y/N)," it asks the question, hears "yes, mostly," and probes: on which systems, for remote access, for privileged accounts, with what exceptions? It captures the applicant's own words, flags the answers that need underwriter attention, and produces a structured record of intent — the exact context a static form throws away and a network scan can never observe.
This is the layer Perspective AI is built for. Perspective's AI interviewer runs hundreds of these security conversations simultaneously, follows up on uncertainty automatically, and hands underwriters a clean, structured summary of where the real risk lives — without asking a broker to chase a client through a PDF. Used as a concierge that replaces the intake form, it turns the first, most abandonment-prone step of the buying journey into a conversation the applicant actually finishes. Combined with a carrier's own scanning, it closes the triangle: the scan sees the outside, the interview captures the inside, and the underwriter finally prices what is real rather than what fit in a checkbox. You can start building an interview against your own underwriting questions in minutes.
The same conversational-intake logic is showing up across insurtech. It is the natural extension of Coalition's own philosophy, and it echoes what we describe in adjacent case studies — from Clearcover's API-first, AI-native auto model and the conversational quote to Kin's direct-to-consumer catastrophe-risk model and the conversational property interview and Ethos's data-driven, no-exam life underwriting and the conversational health interview. Hippo took a comparable step in home insurance, pairing IoT signals with a conversational risk interview.
Lessons for Specialty and Commercial Lines
Coalition's model offers three transferable lessons for any specialty or commercial carrier modernizing its underwriting. First, underwriting is a continuous data discipline, not a once-a-year form — the carriers winning the next decade will monitor risk across the policy term, not just at bind. Second, external data has a ceiling: scanning, telematics, and public records are powerful but blind to internal process and intent, which is why the human-context layer still matters. Third, the intake experience is a competitive weapon — the cyber insurance market is growing fast (Munich Re estimates global premiums reached around $15 billion in 2025 and will approach $28 billion by 2030 at roughly 15% annual growth), and the carriers that make it easy to give rich, honest risk information will win the accounts worth having.
For underwriting and product teams, the practical move is to layer a conversational assessment on top of whatever scanning or data enrichment you already run. It works for cyber, but the pattern generalizes to any complex line where the risk lives in context a form can't hold — which is most of specialty. For a wider view of what carriers, brokers, and agents should actually expect from these tools, see our guide to what an AI assistant for insurance can realistically do in 2026, and for the quote-claim-onboarding arc, our overview of conversational AI for insurance. The original proof point that a conversational front end can carry a whole insurance experience is still Lemonade's conversational AI case study; Coalition shows the same logic applies to the hardest risk to price.
Frequently Asked Questions
What is Coalition's Active Insurance?
Coalition's Active Insurance is a model that combines cyber coverage with continuous cybersecurity monitoring, so the carrier keeps assessing and reducing a policyholder's risk throughout the policy term rather than only at the point of sale. It works in three phases: an Active Risk Assessment at quote, Active Protection (continuous scanning and personalized alerts) during the term, and Active Response when an incident occurs. Coalition has reported that policyholders on this model experience roughly 70% fewer claims than the broader cyber market.
How does Coalition use AI to underwrite cyber insurance?
Coalition uses AI and automated scanning to map each business's internet-facing attack surface, detect vulnerabilities, and score cyber risk continuously rather than once at application. Its Coalition Control platform deep-scans IP addresses, domains, and open ports, flags newly discovered and zero-day vulnerabilities, and generates an objective security rating. The company has reported analyzing tens of trillions of data points and sending tens of thousands of critical-vulnerability alerts to clients each year.
What is the difference between active insurance and traditional cyber insurance?
Active insurance monitors and manages risk continuously across the policy term, while traditional cyber insurance is a point-in-time transaction that prices risk once from a static application and then stays passive until a claim. The active model warns policyholders about emerging threats before they become losses; the traditional model only reacts after damage is done. This continuous, data-driven approach is why insurtechs like Coalition report materially lower claims frequency than the legacy market.
Why do static security questionnaires fail in cyber underwriting?
Static security questionnaires fail because they force complex, changing security realities into yes/no boxes that can't capture context, enforcement, or nuance. An applicant may check "yes" for multi-factor authentication because it's enabled for email, not realizing it isn't enforced for the remote access an attacker later uses — and carriers increasingly deny claims when forensic review finds attested controls weren't actually in place. Marsh has reported that 41% of cyber applications were denied on first submission in 2025.
How does a conversational security assessment improve underwriting?
A conversational security assessment improves underwriting by replacing the static questionnaire with an AI-led interview that follows up on vague or high-risk answers and captures the operational context behind each control. Instead of a checkbox, the underwriter gets a structured record of how a control is actually implemented, enforced, and tested — the "why" that both forms and external scans miss. Paired with continuous scanning, it lets carriers price the risk that's real rather than the one that fit in a form.
Conclusion
Coalition earned its place among the largest cyber insurers by treating underwriting as a live intelligence problem: it scans continuously, alerts early, and prices risk from data rather than a one-time form. That is the right lesson for the rest of the industry — but Coalition cyber insurance AI, like every scanning-based model, still has a blind spot where internal process, enforcement, and intent live. External data sees the outside of a business; only a conversation captures the inside. The carriers that pair continuous risk monitoring with a conversational security assessment will underwrite more accurately, deny fewer claims, and win the accounts that reward a better intake experience. If you're modernizing cyber or specialty underwriting, start with a Perspective AI interview in place of your next intake form and see what your applicants tell you when you actually let them explain.
More articles on Intelligent Intake
AI for Commercial Real Estate in 2026: Tools for Brokers, Investors & Property Managers
Intelligent Intake · 12 min read
AI Lead Generation Tools for Real Estate in Canada (2026)
Intelligent Intake · 14 min read
Baker McKenzie's AI Strategy: How the World's Largest Law Firm Is Rethinking Client Intake
Intelligent Intake · 13 min read
Clearcover's AI-Native Auto Insurance: API-First Claims and the Conversational Quote
Intelligent Intake · 12 min read
Ethos and the AI Life-Insurance Playbook: No-Exam Underwriting Meets the Conversational Health Interview
Intelligent Intake · 13 min read
Kin Insurance's Direct-to-Consumer AI: Catastrophe Risk and the Conversational Property Interview
Intelligent Intake · 12 min read